Summary: | DefaultServlet could leak resource in method copy - CID-45243 | ||
---|---|---|---|
Product: | Tomcat 8 | Reporter: | Felix Schumacher <felix.schumacher> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | P2 | ||
Version: | 8.0.x-trunk | ||
Target Milestone: | ---- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: | always close istream in DefaultServlet#copy |
Thanks for reviewing the Coverity Scan results. I've applied a variation of your patch (I used try with resources) to 8.0.x and this will be included in 8.0.13 onwards. Fix is committed to 7.0.x and will be available in 7.0.56 onwards. |
Created attachment 31955 [details] always close istream in DefaultServlet#copy In method copy istream could be left unclosed, if write operations on ostream would throw an exception before copyRange is called. A simple fix is to wrap the ostream-operations together with copyRange in a try-finally block. If the exceptions should be catched into the variable exception like copyRange does, it could be done so in an additionally catch block (which is missing from the attached patch).